Jarrett Kolthoff | May 26th, 2020


Business Journal Ask the Expert Column – May 2020

As a CEO, you encounter new and challenging risks daily and, on bad days, hourly, so it is important to be cyber-aware. From a financial crisis to a natural disaster, you as the CEO have to be both proactive and reactive in every situation. As I have mentioned multiple times in my Ask The Experts, it is not a matter of if a cyberattack occurs, but when. Cybersecurity breaches have closed a number of businesses across the country in the last few weeks amidst the COVID-19 pandemic. When this day comes, it is you whom people will hold responsible after your company suffers a data breach.

Being Cyber-Aware

Your company may be the one that falls victim to a cyberattack, but the attack will also affect your own personal reputation. Furthermore, you will be asked why your customers’ and employees’ information was not properly secured.

In 2020, cybersecurity is no longer just an IT problem. Cybersecurity and an understanding of the corporation’s risk profile are part of board meetings and are the responsibility of senior leaders. This means it is your responsibility to be a cyber-aware CEO. Having an incident response plan and a cybersecurity roadmap for the future is a critical element in baselining your preparedness before an event occurs. Cyberattacks are occurring more than ever right now. Your organization’s risk profile needs to be established and consistently reviewed. You may not be able to prevent every attack from occurring, but your success in defending against and responding to these incidents will determine the market’s response to the incident.

Being a cyber-aware CEO means holding security to a higher standard for everyone in an organization. Board members and C-suite executives are some of the highest-targeted employees in an organization. This means they should, in theory, be the most highly trained and aware within your firm, as well as the most competent in leading when it comes to handling these crisis situations. Creating newsletters and security reporting that flow up through the executive team creates an organization aware of cybersecurity threats before they result in a damaging incident.

A cyber-aware CEO realizes the value of practice and role-playing scenarios. Practicing different situations of a cybersecurity incident with all necessary parties is a great way to have a strong leadership team around you ready to react to cyberattacks. It is crucial to practice with your team to proactively prepare for these types of events to reduce the possibility of mistakes and prepare for unavoidable surprises during a breach. Tabletop exercises are a great way to instil confidence in team members about the possibility of a cyber crisis. Even though cyberattacks vary, having a plan in place takes the guesswork out of saving your business from a data breach.

Being a cyber-aware CEO breaks down into four simple steps:

  1. Evaluate current cybersecurity capabilities including reviewing your cyber insurance policy
  2. Establish a strong internal cybersecurity awareness at the Board and C-suite level
  3. Review your data—what data your company holds, where the data lives, and review with counsel your retention policy
  4. Have relationships with experts including legal, forensics, and public relations so you can react quickly with the proper expertise on your side

Your reputation is on the line, but this is your chance to guide the plan and procedures your organization will take. Being a cyber-aware CEO also means knowing where your current internal security strengths and weaknesses are. Bring in security experts to create a roadmap to set priorities in the environment.

For more information on how to be a cyber-aware CEO and improve your organization’s cybersecurity posture, feel free to email with the subject of “Ask the Expert” or visit


Frequently Asked Questions

What specific steps should a CEO take to implement a cyber awareness program within their organization?

Implementing a cyber awareness program requires several key steps. First, the CEO should assess the existing level of cyber awareness within the organization and identify areas that need improvement. They should then develop a comprehensive strategy that includes setting clear goals, establishing policies and procedures, and allocating resources for training and awareness initiatives. The CEO should also designate a dedicated team or individual responsible for overseeing the program's implementation and monitoring progress. Regular assessments and evaluations should be conducted to measure the effectiveness of the program and make necessary adjustments.

Are there any recommended resources or tools available to help CEOs enhance their cyber awareness knowledge and skills?

Several resources and tools can assist CEOs in enhancing their cyber awareness knowledge and skills. They can consider attending cybersecurity conferences, workshops, or seminars to gain insights from industry experts. Online training courses and certifications, such as those offered by reputable organizations like the International Information System Security Certification Consortium (ISC)² or the SANS Institute, can provide in-depth knowledge. Additionally, CEOs can follow reputable cybersecurity blogs, podcasts, or newsletters to stay updated on the latest trends, threats, and best practices.

How can CEOs ensure that their employees consistently adhere to the cyber awareness program and are actively engaged in protecting the organization from cyber threats?

To ensure consistent adherence and active engagement from employees, CEOs should adopt several strategies. Firstly, they should clearly communicate the importance of cybersecurity and the role each employee plays in protecting the organization. Regular and ongoing training sessions should be conducted to educate employees about the latest threats, techniques, and best practices. CEOs should also establish a culture of accountability and recognition, where employees are rewarded for practicing good cyber hygiene. Regular reminders, newsletters, and internal communication channels can help reinforce the cyber awareness program and keep it top of mind for employees. Continuous monitoring and periodic assessments can also identify areas where additional support or training may be required.
